[FIX] relaxed requirement for the operator key when deleting an user …

…if --revoke was not specified. Fixes #652
nats-io · May 30, 2024 · 067a8ed · 067a8ed
1 parent 01db6f2
commit 067a8ed
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/cmd/deleteuser.go b/cmd/deleteuser.go
@@ -166,8 +166,10 @@ func (p *DeleteUserParams) Validate(ctx ActionCtx) error {
 		}
 	}
 
-	if err := p.SignerParams.Resolve(ctx); err != nil {
-		return err
+	if p.revoke {
+		if err := p.SignerParams.Resolve(ctx); err != nil {
+			return err
+		}
 	}
 
 	return nil

diff --git a/cmd/deleteuser_test.go b/cmd/deleteuser_test.go
@@ -159,3 +159,24 @@ func Test_DeleteUserFromDiffAccountInteractive(t *testing.T) {
 	_, err = os.Stat(ts.KeyStore.GetUserCredsPath("A", "a"))
 	require.True(t, os.IsNotExist(err))
 }
+
+func Test_RevokeUserRequiresOperatorKey(t *testing.T) {
+	ts := NewTestStore(t, "O")
+	defer ts.Done(t)
+
+	ts.AddAccount(t, "A")
+	ts.AddUser(t, "A", "U")
+
+	_, err := ts.Store.ReadUserClaim("A", "U")
+	require.NoError(t, err)
+
+	opk, err := ts.Store.GetRootPublicKey()
+	require.NoError(t, err)
+	require.NoError(t, ts.KeyStore.Remove(opk))
+
+	_, _, err = ExecuteCmd(createDeleteUserCmd(), "--name", "U", "--revoke")
+	require.Error(t, err)
+
+	_, _, err = ExecuteCmd(createDeleteUserCmd(), "--name", "U")
+	require.NoError(t, err)
+}